From: | Jeff Davis <pgsql(at)j-davis(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Nathan Bossart <nathandbossart(at)gmail(dot)com>, Gurjeet Singh <gurjeet(at)singh(dot)im>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "Brindle, Joshua" <joshuqbr(at)amazon(dot)com>, Jacob Champion <jchampion(at)timescale(dot)com> |
Subject: | Re: [PoC/RFC] Multiple passwords, interval expirations |
Date: | 2023-10-20 02:22:07 |
Message-ID: | 1ef3dfdb9f1f1f84286e431507c80eb4ab5a7ff4.camel@j-davis.com |
Lists: | pgsql-hackers |

On Wed, 2023-10-18 at 14:48 -0400, Stephen Frost wrote:
> Right, we need more observability, agreed, but that's not strictly
> necessary of this patch and could certainly be added independently. Is
> there really a need to make this observability a requirement of this
> particular change?

I won't draw a line in the sand, but it feels like something should be
there to help the user keep track of which password they might want to
keep. At least a "created on" date or something.

> > (Aside: is the uniqueness of the salt enforced in the current
> > patch?)
>
> Err, the salt has to be *identical* for each password of a given user,
> not unique, so I'm a bit confused here.

Sorry, my mistake.

If the client needs to use the same salt as existing passwords, can you
still use PQencryptPasswordConn() on the client to avoid sending the
plaintext password to the server?

Regards,
Jeff Davis